CVE-2021-28712
Summary
| CVE | CVE-2021-28712 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-05 17:15:00 UTC |
| Updated | 2022-04-06 16:33:00 UTC |
| Description | Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Xen | Xen | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 2941-1] linux-4.19 security update | MLIST | lists.debian.org | |
| [SECURITY] [DLA 2940-1] linux security update | MLIST | lists.debian.org | |
| xenbits.xenproject.org/xsa/advisory-391.txt | MISC | xenbits.xenproject.org | |
| Debian -- Security Information -- DSA-5050-1 linux | DEBIAN | www.debian.org | |
| Debian -- Security Information -- DSA-5096-1 linux | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Array
Legacy QID Mappings
- 179012 Debian Security Update for linux (DSA 5050-1)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179118 Debian Security Update for linux (DLA 2940-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 181951 Debian Security Update for linux (CVE-2021-28712)
- 198678 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5298-1)
- 198708 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5337-1)
- 198709 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5338-1)
- 198731 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5368-1)
- 198740 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-5377-1)
- 199560 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6001-1)
- 199568 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6013-1)
- 199577 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6014-1)
- 282190 Fedora Security Update for kernel (FEDORA-2021-e6cbca1e9e)
- 282191 Fedora Security Update for kernel (FEDORA-2021-4f1a2cdf2e)
- 353130 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-021
- 353151 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-009
- 353160 Amazon Linux Security Advisory for kernel : ALAS2-2022-1749
- 353161 Amazon Linux Security Advisory for kernel : ALAS-2022-1563
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 354747 Amazon Linux Security Advisory for kernel : ALAS-2023-1688
- 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
- 6140331 AWS Bottlerocket Security Update for kernel (GHSA-w35h-h8m5-pj42)
- 671448 EulerOS Security Update for kernel (EulerOS-SA-2022-1450)
- 671474 EulerOS Security Update for kernel (EulerOS-SA-2022-1429)
- 671505 EulerOS Security Update for kernel (EulerOS-SA-2022-1489)
- 671535 EulerOS Security Update for kernel (EulerOS-SA-2022-1508)
- 751590 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0056-1)
- 751600 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0068-1)
- 751602 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0080-1)
- 751622 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0131-1)
- 751654 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0197-1)
- 751695 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0367-1)
- 751697 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0366-1)
- 751698 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0362-1)
- 751701 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0366-1)
- 751702 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0371-1)
- 751989 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0131-1)
- 753133 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0181-1)
- 753264 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0079-1)
- 753355 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0056-1)